DOMINOS Project

Privacy Policy

Data Controller

The data controller responsible for the processing of personal data collected via this website is:

  • Organisation: Université Paris Cité
  • Registered Address: 85, boulevard Saint-Germain – 75006 Paris
  • Email: dpo@u-paris.fr

Data Collected

When using the contact form on this website, we may collect the following personal data:

  • First and last name
  • Professional email address
  • Name of the Professional Institution
  • Content of the message submitted

No other personal data is collected.

Purpose of Processing

Personal data collected via the contact form is used solely for responding to user enquiries or requests.

Legal Basis

The processing of personal data is based on the user’s explicit consent at the moment of form submission, in accordance with Article 6 of the EU General Data Protection Regulation (GDPR).

Recipients of Data

Personal data is exclusively accessible to authorised members of Université Paris Cité. Data is not shared with third parties except where required by law or where services (e.g., email delivery) rely on external providers.

Data Retention

Personal data submitted via the contact form is retained for a maximum of 3 months following the last contact, after which it is either securely deleted.

User Rights

Under the GDPR, users have the following rights concerning their personal data:

  • Right of access: Request a copy of data held about them
  • Right of rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of personal data
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability

Requests to exercise these rights can be sent to dpo@u-paris.fr. We will respond within one month.

International Data Transfers

Personal data submitted via the contact form may be processed or stored on servers located outside the European Economic Area (EEA), in particular in the United States of America, as WordPress.com (Automattic Inc.) is based there.

Under the EU General Data Protection Regulation (GDPR), personal data may only be transferred to a country outside the EEA if adequate protection is ensured. On 10 July 2023, the European Commission adopted an adequacy decision for the EU‑US Data Privacy Framework, recognising that the United States provides a level of data protection essentially equivalent to that in the EU for participating organisations.

This means that data processed by WordPress.com servers in the United States is covered by this adequacy decision, and additional safeguards are not required. The framework includes:

  • Limitations on access by US public authorities to only what is necessary and proportionate
  • Mechanisms for EU users to seek redress if their data is misused
  • Obligations for participating organisations to comply with the Framework and provide robust data protection.

Where personal data is transferred outside the EEA to countries not covered by an adequacy decision, appropriate safeguards such as Standard Contractual Clauses (SCCs) are implemented to ensure compliance with GDPR.

Cookies

This website may use cookies for functional purposes (e.g., session management) or for anonymous statistical analysis. Users will be informed of cookies and can choose to accept or refuse them via the website interface.

Security Measures

We implement reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. However, absolute security cannot be guaranteed, and users are advised to take appropriate precautions.

Changes to this Policy

This privacy policy may be updated from time to time. Users are encouraged to review this page periodically for any changes. The latest version will always be published on this website.